A sophisticated new scam is targeting PayPal customers. It leverages Google Search Ads and PayPal’s payment infrastructure to deceive victims into contacting fraudulent support agents.
According to researchers, this scheme is particularly dangerous on mobile devices, where screen limitations and a lack of security tools make it harder for users to detect fraud. Since Google places sponsored results at the top, users may not scroll past the ads to reach organic links. This increases the chances of falling for fraudulent ads.
The campaign begins when cybercriminals set up deceptive Google Ads that impersonate PayPal. The ads appear legitimate because they display PayPal’s official domain, yet they redirect users to fraudulent pages. A loophole in Google’s ad policy allows scammers to use PayPal’s legitimate domain for their final URL, making the deception highly effective.

Once a user clicks the ad, they are directed to a URL formatted as: paypal.com/ncp/payment/[unique ID]. As researchers point out, this is a legitimate feature called PayPal’s ‘No-Code Checkout,’ intended for merchants to generate quick payment links.
However, scammers abuse it to create pages that falsely claim to offer PayPal support. These pages often display fraudulent customer service phone numbers, tricking users into calling scam operators.
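Because the landing page sits on PayPal’s real domain, a domain blocklist will not catch this pattern; the signal is a No-Code Checkout path reached from an ad click. The following check over web-proxy logs is an added example, not code from the researchers or the original article. The log layout, the ad-click parameters and referrer hosts, and the sample IDs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path shape reported in the article: paypal.com/ncp/payment/[unique ID]
NCP_PATH = re.compile(r"^/ncp/payment/[^/]+/?$")
# Assumption: query parameters that mark a Google Ads click-through.
AD_CLICK_PARAMS = {"gclid", "gbraid", "wbraid"}
# Assumption: referrer hosts that indicate an ad click redirect.
AD_REFERRER_HOSTS = ("googleadservices.com", "doubleclick.net")

def host_matches(host, domain):
    """True for the domain itself or a subdomain, never for lookalike prefixes."""
    return host == domain or host.endswith("." + domain)

def is_ncp_payment_link(url):
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return host_matches(host, "paypal.com") and bool(NCP_PATH.match(parts.path))

def arrived_via_ad(url, referrer):
    if AD_CLICK_PARAMS & set(parse_qs(urlsplit(url).query)):
        return True
    ref_host = (urlsplit(referrer).hostname or "").lower()
    return any(host_matches(ref_host, d) for d in AD_REFERRER_HOSTS)

def flag_requests(log_lines):
    """Return (user, url) for No-Code Checkout pages reached from an ad click."""
    flagged = []
    for line in log_lines:
        user, url, referrer = line.rstrip("\n").split("\t")
        if is_ncp_payment_link(url) and arrived_via_ad(url, referrer):
            flagged.append((user, url))
    return flagged

# Constructed proxy-log sample: user <TAB> requested URL <TAB> referrer ("-" = none)
SAMPLE_LOG = [
    "alice\thttps://www.paypal.com/ncp/payment/EXAMPLEID01?gclid=constructed1\thttps://www.google.com/",
    "bob\thttps://www.paypal.com/signin\thttps://www.google.com/",
    "carol\thttps://www.paypal.com/ncp/payment/EXAMPLEID02\thttps://www.googleadservices.com/pagead/aclk",
    "dave\thttps://www.paypal.com/ncp/payment/EXAMPLEID03\thttps://shop.example/checkout",
    "erin\thttps://paypal.com.help.example/ncp/payment/EXAMPLEID04?gclid=constructed2\t-",
]

if __name__ == "__main__":
    for user, url in flag_requests(SAMPLE_LOG):
        print(f"review: {user} reached {url} from an ad click")
```

A hit is a lead for review rather than a verdict, since No-Code Checkout is a legitimate merchant feature; the page content, such as a support phone number in place of a product, is what distinguishes the abuse.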
While the exact nature of the fraud varies, researchers stated, “We did not follow-up with the provided phone number; however we believe it likely ends with victims handing over their personal information to scammers and getting fleeced.” This could lead to identity theft, unauthorised transactions, or direct financial losses.

This is the second phishing campaign targeting PayPal users. Last month, cyber fraudsters deployed sophisticated techniques to bypass security defences using a valid email address and a legitimate PayPal link.
Google Ads were used by scammers last month to target advertisers globally. In December last year, reports came out that a phishing campaign targeted Kaiser Permanente employees using Google Ads.
In November 2024, tech support scammers targeted eBay customers using Google Ads. Moreover, cyber crooks were found to be distributing D3F@ck Loader malware exploiting Google Ads as a pathway to infiltrate systems.